Skip to content

Enabling and disabling remote access

When you click the tile of an Edge Device, you cannot open the Edge Device UI in a new browser tab because the remote access is disabled. To open the Edge Device UI in a new browser tab by clicking the tile of the Edge Device, first you have to enable the remote access to the Edge Device.

Requirement

A relay server has been added.

You find information on how to add a relay server in the Adding a relay server subsection in the Industrial Edge Management - Getting Started manual.

Enabling remote access

  1. Click the app_more.png icon of the Edge Device for which you want to enable the remote access.

  2. Click Enable Remote Access.
    The Enable Remote Access screen is displayed.

  3. In the Expiry Time input field, set the time for the Edge Device to be enabled for the remote access.
    The maximum enabled remote access time is 10 hours, the minimum time is 2 hours.

  4. Click Enable.
    An enable remote access job is created which you can check in the Job Status screen. When the job is completed, you can access the Edge Device UI.
    After the enabled remote access time has passed, the Edge Device is no longer accessible.

Disabling remote access

  1. Click the app_more.png icon of the Edge Device for which you want to disable the remote access.

  2. Click Disable Remote Access.
    The Disable Remote Access command is only available for Edge Devices which have enabled the remote access.
    The Disable Remote Access screen is displayed.

  3. Click Disable.
    A disable remote access job is created.
    When the job is completed, the Edge Device is no longer accessible.

NOTICE

With remote access enabled, if a K8s IEM becomes inaccessible, it takes up to 7 minutes to connect via remote access once the IEM is connected to the IED. With remote access enabled, if a non-K8s IEM becomes inaccessible, it takes up to 15 minutes to connect via remote access once the IEM is connected to the IED.

NOTICE

To ensure the highest standards of data integrity and authenticity, in line with the principles of the Cyber Resilience Act (CRA) and the NIS2 Directive, the Industrial Edge Management (IEM) system will proactively terminate active remote connections upon detection of an IP address change or a device reboot. This measure is crucial, as an IP change could indicate an unauthorized network alteration or even a potential Man-in-the-Middle (MITM) attack. A device reboot, in turn, resets the operational state of the device. Therefore, re-establishing a connection requires a complete re-verification of both the device's identity and its current secure operational state. This significantly minimizes the attack surface and ensures robust session management.